我们用ssh连接机器时候需要输用户名、密码,但是直接写账户文件的时候由于用的是明文,就存在安全的问题了。别人一旦截取了数据就获得了隐私了。这时候就用上ssh的密钥。
ssh的密钥存是成对出现的,一个叫公钥,一个是私钥。公钥是给别人的,私钥存在自己手里。在连接的时候两把钥匙配对成功,就可以建立数据连接。
[root@localhost ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa.这个就是私钥的存储路径 Your public key has been saved in /root/.ssh/id_rsa.pub.这个是公钥 The key fingerprint is: SHA256:uRVPB4eYb3mXG7j7BcIeOEG83TSS7ApCzyDdU5P1abE root@localhost.localdomain The key's randomart image is: +---[RSA 2048]----+ | . . o+*ooo | | . + o.=.=+o+ | | o + .o=.=E..| | . +..B*+oo.| | .S.+o=.o.o| | o.o + o | | . . . .| | . .| | .. | +----[SHA256]-----+
我们在看看这对密钥
[root@localhost ~]# cat /root/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA4oRNlaIoefdsSuYmoLUdV7C2JtzKv6hd6UsC1FUEFfgjn/SV 5StzkVqnOWwEed77WOwW2my+n7pW6G3AyXtPAgrdih7Jpn6RG0AW3D0tkOlLN2/j L3znlfsqGpQ63hBPRPjSswmCMILfRhOnY+KbsAEmeClcQIjUEsljomSMS2BT+zTZ HyI1QLTdeET/DKxSrOcQPy+qNSSma7dAGDINNT8CVC7tdj62PVj1vgJ/lXJeTR79 wh0aKHuBfTp9zqBDVQRzAhjX4I3xBTwKh+tgdSrX55ltQqhxA0KaqvoB2ZCG5VuE 6U4XI8DUUEDtBY+AmCSUtWH+bDMwOI5ooNdL5wIDAQABAoIBAQCwO/lU+wX85sjF eU0Cagc7S4xcrhm8hdUTBj5cTwzPvvCQqa3Z0DWpGFvUrDrLSvZJV93r8QFaqpKl YYbF+38b+rIknRGMzRo+ll1y2tJR1YCk0BN0xfw0T2aRqVQno47Y/bKIg1RcQ+ZM 0kvAxfUVOb/ha2SP/STqvO8c0Jfqp78pwsEiT8BCRPERsFJR6E2QSjWJQu2QPRO+ Q51tHTVdzi4Z2jXjwbh/SwpKbK0zEsEa625RSocZXciT+b3IUYIZj0my0+Kmx6cE cO5tZqxL3FE0NUQaGHhs3NCscoqb/oigRvNMxHY+9kP9+voI7GZGgf4lYZWO9FId njjYc6q5AoGBAP/RnTw9SKLlHAa7ID8ThDe0BOIQKwPlyOKrV114MKbceuTHbdBc NopzFF2Sg6MrCrgjyTvu9ymBcoHYNx0DdZQitI9cFLfD/7tgLmHCFBqxnc0aVmgg 9qGJ2hW3hM8lHK6mCCzdqlYF7R0UdkcoI6Cw5uznAKDE3Miesj7qyFZNAoGBAOKt YDCgMeSRBWy0Jkf6RKP+cUvLGBNZOIyz8QerRhNN8FAjXQwun6yUrzdEq2GgOM4c 3GQKKSLikOn8jWczIPPA8/WIGEqIdWscDx2tjOCf2IID9bmWp1mIEo/66t9rQpqL RUnCDC388aY7ddvAo/6yFd+PHvj3TXuJ2jPZfe0DAoGANszZaOkb4UFBErQNQVXV 8fTPQvoBrPERanUX3v77NRNwBAgwnvzR9jCWwUC8kDyNLEsGNZ+INMz1EZmWnNF7 44LXuQoZqhADfUkqRmjD08AOtLwanG3LR2l3XUWV3qXtkgAhKjNF5O2aEKusdqvD jg23OjJ18Pqa7SMJve6fgdUCgYBytOGUObyFuY1RMOieS9soUb3raN7KC8A+E2DJ TLatVidhpkOTwpQytRrlkO5Y/MdCJgCw7yNZ7+T9QzwbGRh3wRCzEyeXr+4bQZu0 nPpJQRpC0NYsEDynZeBe086/OHv/0LJDXNrk+rceM8C0b4uNe3juJHK78glXlq7A xjKfGQKBgQDIOERmoRikK4qihhp6eKaVL8slCKNc+qxBhAWTr6Da4lfXrd8GkiNR WPH4ZNHlIq6Cv8qZaypqdkrw9CsIHYDPQ3gSj/C3PMmXU24f6c2LkEhauOInK+22 qHHJv0blEfQWIs5Uj0yJC5qetGxyT+6n7kTdxgKzXteTX8ltDtvJqg== -----END RSA PRIVATE KEY----- [root@localhost ~]#
[root@localhost ~]# cat /root/.ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDihE2Voih592xK5iagtR1XsLYm3Mq/qF3pSwLUVQQV+COf9JXlK3ORWqc5bAR53vtY7BbabL6fulbobcDJe08CCt2KHsmmfpEbQBbcPS2Q6Us3b+MvfOeV+yoalDreEE9E+NKzCYIwgt9GE6dj4puwASZ4KVxAiNQSyWOiZIxLYFP7NNkfIjVAtN14RP8MrFKs5xA/L6o1JKZrt0AYMg01PwJULu12PrY9WPW+An+Vcl5NHv3CHRooe4F9On3OoENVBHMCGNfgjfEFPAqH62B1KtfnmW1CqHEDQpqq+gHZkIblW4TpThcjwNRQQO0Fj4CYJJS1Yf5sMzA4jmig10vn root@localhost.localdomain [root@localhost ~]#
我们现在启动两台linux,用户名分别是user_on_1和user_on_2
可以看到各自的ip和用户名。现在我们在user1上用ssh登陆user2
[user_on_1@localhost ~]$ ssh user_on_2@192.168.233.130
其实在IP后面应该还有个-p端口号,这里省略了。
发现是需要输入登陆密码的,不是我们要的结果。我们在user1的/etc/.ssh文件夹下查找authorized_keys这个文件,把use2的公钥放进去,重新登陆,应该就没问题了!
对了,要把.ssh文件夹的权限改成700,authorized_keys的权限改为600
chmod 700 .ssh
chmod 600 authorized_keys
ps:我这里说的是应该,因为我也没成功,网上查的资料说StrictModes设置有问题,改了依旧没成功,先记下来,随着Linux的学习留给以后解决吧——20190118.